Detections
Analytics

CVE-2025-53644

high

Description

OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

References

https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

https://github.com/opencv/opencv/releases/tag/4.12.0

https://github.com/opencv/opencv/issues/27271

https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466

Details

Source: Mitre, NVD

Published: 2025-07-17

Updated: 2025-07-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00042